<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
<script>
if (window.testRunner)
    testRunner.dumpAsText();
</script>
</head>
<body>
<script>
eval("alert('FAIL (1 of 2)')");
</script>
<script>
window.eval("alert('FAIL (2 of 2)')");
</script>
</body>
</html>
